Senior Security Engineer - Cloud, DevSecOps, Trust Engineering

About the team

At Roku our Trust Engineering team is a close-knit group of passionate professionals. Our mission To protect our customers partners devices services infrastructure and data. We work collaboratively sharing insights and expertise to stay ahead of the curve. Join us and youll be part of a dynamic team that thrives on challenges and celebrates victories together.

About the Role

As a Senior Security Engineer on the Trust Cloud team your role involves architecting designing and implementing end-to-end security controls to impact the global user base. A key focus is on developing automated scalable security solutions to enhance efficiency and protect Roku. This position requires expertise in creating and extending security automation tools including detection and process automation.

What you will be doing

Cloud

• Designing and implementing scalable automated security controls for AWS and GCP using infrastructure-as-code configuration-as-code and policy-as-code approaches (Terraform etc.) and developing supporting automation in Go and Python.

• Partnering with infrastructure platform and application teams to embed security into application architectures and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).

• Conducting security reviews and performing threat modeling for infrastructure platform and application initiatives.

• Improving IAM policies network configurations DNS security and cloud resource management practices.

• Designing and implementing integrations with third-party security platforms to automate vulnerability management secret detection and cloud posture monitoring ensuring findings are actionable and seamlessly integrated into engineering workflows.

• Respond to security incidents and triage contain remediate and report

• Leverage AI to accelerate your learning and enhance your work products

• Driving security initiatives end-to-end from identifying risks to delivering solutions with high autonomy in a fast-moving environment.

DevSecOps

• Designing and implementing automated security controls in CI/CD pipelines using GitLab Terraform and policy-as-code approaches.

• Building and maintaining developer-friendly tools and workflows that integrate security checks (SAST DAST dependency scanning container scanning) and secure secret management with Vault.

• Partnering with development infrastructure and platform teams to embed security into architecture build processes and deployment workflows as part of a robust Secure Software Development Lifecycle (SSDLC).

• Automating vulnerability detection misconfiguration checks and compliance validation across cloud and containerized environments.

• Creating reusable security automation modules templates and patterns for engineering teams to adopt.

We are excited if you have

• Experience doing security consulting and extensive time doing hands on implementation

• 3 years of Software Engineering experience with at least one general purpose programming language (ex. Python Golang C Rust etc.)

• Extensive experience in either PostgreSQL or MySQL with expertise in architecting designing securing hardening authentication authorization and auditing

• 3 years of experience working with/on BDPs

• Developed and/or implemented data tagging data catalogs or other data protection related activities

• Experience designing and administering enterprise identity and access management solutions at scale (ex: AD EntraID Okta etc)

• Experience securely running and operating web applications web services and service-oriented architecture in production environments.

• A proven track record of deploying and operating Kubernetes and containers in production.

• Experience deploying and operating infrastructure in other cloud providers (Azure Oracle IBM etc)

• Experience managing PKI/ X.509 certificate infrastructures

#L1-GL1